中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:23 hr ago Rescan
0 /100
PantryPilot
Household replenishment planning skill for mainland China that estimates what is running low, maps menus into restock demand, routes items across Meituan/PDD/Taobao, and outputs cheapest/fastest/lowest-friction restock plans
PantryPilot is a legitimate household replenishment planning skill for Chinese e-commerce platforms with no malicious behavior detected. All functionality is clearly documented, no credential harvesting, no external data exfiltration, and no hidden operations.
Skill NamePantryPilot
Duration35.5s
Enginepi
Safe to install
This skill is safe for deployment. No security action required.
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE SKILL.md defines no filesystem access; scripts/publish.sh only modifies temp dir…
Network READ READ ✓ Aligned SKILL.md: 'inspect public product pages, grocery pages, activity pages'
Shell NONE NONE No shell execution in skill behavior; scripts/publish.sh is build-only, not skil…
Environment NONE NONE No environment variable access in skill implementation
Skill Invoke NONE NONE No cross-skill invocation without user consent documented
Clipboard NONE NONE No clipboard access documented or observed
Browser READ READ ✓ Aligned SKILL.md: 'inspect public product pages, screenshots' with explicit stop before …
Database NONE NONE No database access documented or required

File Tree

13 files · 34.1 KB · 1107 lines
Markdown 9f · 989L Shell 1f · 69L JSON 2f · 45L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 397 B
├─ 📁 references
│ ├─ 📝 example-prompts.md Markdown 33L · 1.5 KB
│ ├─ 📝 output-patterns.md Markdown 30L · 659 B
│ ├─ 📝 platform-routing.md Markdown 139L · 4.1 KB
│ ├─ 📝 replenishment-framework.md Markdown 178L · 4.6 KB
│ └─ 📝 test-cases.md Markdown 62L · 1.7 KB
├─ 📁 scripts
│ └─ 🔧 publish.sh Shell 69L · 2.1 KB
├─ 📝 CHANGELOG.md Markdown 8L · 399 B
├─ 📋 clawhub.json JSON 22L · 598 B
├─ 📋 package.json JSON 23L · 506 B
├─ 📝 README.md Markdown 128L · 3.9 KB
├─ 📝 RELEASE.md Markdown 83L · 2.1 KB
└─ 📝 SKILL.md Markdown 328L · 11.6 KB

Security Positives

✓ Clear documentation of all capabilities in SKILL.md
✓ Explicit safety boundaries defined (no login, no payment, no auto-checkout)
✓ No credential harvesting or sensitive data access
✓ No external data exfiltration or C2 communication
✓ No obfuscated code or base64 payloads
✓ No suspicious file paths accessed (~/.ssh, ~/.aws, .env)
✓ Browser access limited to public pages with explicit stop conditions
✓ Standard CI/CD script for publishing only, not skill execution
✓ MIT license with transparent open-source intent